Copy for the Elected Office (EO/US) PCT/IB 99/00303

PATENT COOPERATION TREATY



From the INTERNATIONAL BUREAU 



PCT 

NOTIFICATION OF THE RECORDING
OF A CHANGE

(PCT Rule 92bis.1 and 
Administrative Instructions, Section 422) 


To: 

PH7CMQ Pant Ronnie QfeU^ 

Mathys & Squire
100 Gray's Inn Road
London WC1X 8AL
ROYAUME-UNI


Date of mailing (day/month/year) 
28 August 2000 (28.08.00) 


Applicant's or agent's file reference 
PDC/AB/21224 


IMPORTANT NOTIFICATION 


International application No. 
PCT/IB99/00303 


International filing date (day/month/year) 
11 February 1999(11.02.99) 



1. The following indications appeared on record concerning: 

[X] the applicant  [X] the inventor  [ ] the agent  [ ] the common representative


Name and Address 

MAILLARD, Michel 

42, avenue du Maréchal Leclerc

F-28130 Maintenon 

France 


State of Nationality 
FR 


State of Residence 
FR 


Telephone No. 


Facsimile No. 


Teleprinter No. 


2. The International Bureau hereby notifies the applicant that the following change has been recorded concerning: 
| | the person | | the name | X | the address | | the nationality | | the residence 


Name and Address 

MAILLARD, Michel 
13, avenue du Parc
F-78120 Rambouillet 
France 


State of Nationality 
FR 


State of Residence 
FR 


Telephone No. 


Facsimile No. 


Teleprinter No. 


3. Further observations, if necessary: 


4. A copy of this notification has been sent to: 
| X | the receiving Office | | the designated Offices concerned 
| | the International Searching Authority | X | the elected Offices concerned 
| | the International Preliminary Examining Authority | | other: 



The International Bureau of WIPO 


Authorized officer 


34, chemin des Colombettes 


1. Britel 


1211 Geneva 20, Switzerland


Facsimile No.: (41-22) 740.14.35 


Telephone No.: (41-22) 338.83.38 



Form PCT/IB/306 (March 1994) 003492284 



PCT/IB99/00303 

PATENT COOPERATION TREATY



From the INTERNATIONAL BUREAU 



PCT 

NOTIFICATION OF ELECTION 

(PCT Rule 61.2) 


To: 

Assistant Commissioner for Patents 
United States Patent and Trademark
Office
Box PCT 

Washington, D.C. 20231 
ETATS-UNIS D'AMERIQUE 

in its capacity as elected Office 


Date of mailing (day/month/year)
23 August 1999 (23.08.99) 




International application No. 
PCT/IB99/00303 


Applicant's or agent's file reference 
PDC/AB/21224 


International filing date (day/month/year) 

11 February 1999(11.02.99) 


Priority date (day/month/year) 

13 February 1998(13.02.98) 


Applicant 

MAILLARD, Michel et al



1. The designated Office is hereby notified of its election made: 

| X | in the demand filed with the International Preliminary Examining Authority on: 

04 August 1999 (04.08.99) 



| | in a notice effecting later election filed with the International Bureau on: 



2. The election | X | was 

| | was not 

made before the expiration of 19 months from the priority date or, where Rule 32 applies, within the time limit under 
Rule 32.2(b). 



The International Bureau of WIPO 


Authorized officer 


34, chemin des Colombettes 


S. Mafia 


1211 Geneva 20, Switzerland 




Facsimile No.: (41-22) 740.14.35 


Telephone No.: (41-22) 338.83.38 



Form PCT/IB/331 (July 1992) . 2804095 
PCT



INTERNATIONAL SEARCH REPORT 

(PCT Article 18 and Rules 43 and 44) 



Applicant's or agent's file reference 
PDC/AB/21224 


FOR FURTHER ACTION: see Notification of Transmittal of International Search Report
(Form PCT/ISA/220) as well as, where applicable, item 5 below.


International application No.: PCT/IB 99/00303

International filing date (day/month/year): 11/02/1999

(Earliest) Priority Date (day/month/year): 13/02/1998

Applicant: CANAL+ SOCIETE ANONYME et al.





This International Search Report has been prepared by this International Searching Authority and is transmitted to the applicant 
according to Article 18. A copy is being transmitted to the International Bureau. 



This International Search Report consists of a total of 2 sheets.

[X] It is also accompanied by a copy of each prior art document cited in this report.



1 . Basis of the report 

a. With regard to the language, the international search was carried out on the basis of the international application in the 
language in which it was filed, unless otherwise indicated under this item. 

[ ] the international search was carried out on the basis of a translation of the international application furnished to this
Authority (Rule 23.1(b)). 

b. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international search 
was carried out on the basis of the sequence listing : 

[ ] contained in the international application in written form.
[ ] filed together with the international application in computer readable form.
[ ] furnished subsequently to this Authority in written form.
[ ] furnished subsequently to this Authority in computer readable form.
[ ] the statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the
international application as filed has been furnished.
[ ] the statement that the information recorded in computer readable form is identical to the written sequence listing has been
furnished.

2. [ ] Certain claims were found unsearchable (see Box I).
3. [ ] Unity of invention is lacking (see Box II).



4. With regard to the title, 

[X] the text is approved as submitted by the applicant.

[ ] the text has been established by this Authority to read as follows:

5. With regard to the abstract,

[X] the text is approved as submitted by the applicant.

[ ] the text has been established, according to Rule 38.2(b), by this Authority as it appears in Box III. The applicant may,
within one month from the date of mailing of this international search report, submit comments to this Authority.

6. The figure of the drawings to be published with the abstract is Figure No. 9

[X] as suggested by the applicant. [ ] None of the figures.

[ ] because the applicant failed to suggest a figure.

[ ] because this figure better characterizes the invention.



Form PCT/ISA/210 (first sheet) (July 1998) 



INTERNATIONAL SEARCH REPORT 



International Application No

PCT/IB 99/00303



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 6 H04N5/913 



According to International Patent Classification (IPC) or to both national classification and IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 6 H04N 



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consulted during the international search (name of data base and, where practical, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category ° | Citation of document, with indication, where appropriate, of the relevant passages | Relevant to claim No.

FR 2 732 537 A (CANAL+ SOCIETE ANONYME), 4 October 1996, cited in the application; see the whole document | 1,26-29

EP 0 714 204 A (LG ELECTRONICS INC), 29 May 1996; see the whole document | 1,26-29

EP 0 763 936 A (LG ELECTRONICS INC), 19 March 1997; see the whole document | 1,26-29



| | Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



• Special categories of cited documents : 

"A" document defining the general state of the art which is not 
considered to be of particular relevance 

"E" earlier document but published on or after the international 
filing date 

"L" document which may throw doubts on priority claim(s) or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

"O" document referring to an oral disclosure, use, exhibition or 
other means 

"P" document published prior to the international filing date but 
later than the priority date claimed 



"T" later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevance; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention
cannot be considered to involve an inventive step when the
document is combined with one or more other such documents,
such combination being obvious to a person skilled
in the art.

document member of the same patent family 



Date of the actual completion of the international search 



7 May 1999 



Date of mailing of the international search report 



18/05/1999 



Name and mailing address of the ISA 

European Patent Office, P.B. 5618 Patentlaan 2 
NL - 2280 HV Rijswijk 
Tel. (+31-70) 340-2040. Tx. 31 651 epo nl, 
Fax: (+31-70) 340-3016 



Authorized officer 



Verleye, J 



Form PCT/ISA/210 (second sheet) (July 1992)



INTERNATIONAL SEARCH REPORT 

Information on patent family members

International Application No

PCT/IB 99/00303



Patent document cited in search report | Publication date | Patent family member(s) | Publication date
FR 2732537 | 04-10-1996 | NONE |
EP 714204 | 29-05-1996 | CN 1137723 A | 11-12-1996
 | | JP 8242438 A | 17-09-1996
 | | US 5757909 A | 26-05-1998
EP 763936 A | 19-03-1997 | CN 1150738 A | 28-05-1997
 | | JP 9093561 A | 04-04-1997
 | | US 5799081 A | 25-08-1998



Form PCT/ISA/210 (patent family annex) (July 1992) 



PATENT COOPERATION TREATY



From the: 

INTERNATIONAL PRELIMINARY EXAMINING AUTHORITY 



To: 

COZENS, P. 
MATHYS & SQUIRE 
100 Gray's Inn Road 
London WC1X8AL 
GRANDE BRETAGNE 






PCT 



WRITTEN OPINION 
(PCT Rule 66) 




29.11.1999 



Applicant's or agent's file reference
PDC/AB/21224 



within 3 month(s) 

from the above date of mailing 



International application No. 
PCT/IB99/00303 



International filing date (day/month/year) 
11/02/1999 



Priority date (day/month/year) 
13/02/1998 



International Patent Classification (IPC) or both national classification and IPC 
H04N5/913 



Applicant 

CANAL+ SOCIETE ANONYME et al. 



1 . This written opinion is the first drawn up by this International Preliminary Examining Authority. 

2. This opinion contains indications relating to the following items: 



I
II    [ ]
III   [ ]
IV    [ ]  Lack of unity of invention
V     [X]  Reasoned statement under Rule 66.2(a)(ii) with regard to novelty, inventive step or industrial applicability;
           citations and explanations supporting such statement
VI    [ ]
VII
VIII



3. The applicant is hereby invited to reply to this opinion. 



When? See the time limit indicated above. The applicant may, before the expiration of that time limit,
request this Authority to grant an extension, see Rule 66.2(d).

How? By submitting a written reply, accompanied, where appropriate, by amendments, according to Rule 66.3.
For the form and the language of the amendments, see Rules 66.8 and 66.9.

Also: For an additional opportunity to submit amendments, see Rule 66.4.
For the examiner's obligation to consider amendments and/or arguments, see Rule 66.4 bis.
For an informal communication with the examiner, see Rule 66.6.



If no reply is filed, the international preliminary examination report will be established on the basis of this opinion.



4. The final date by which the international preliminary
examination report must be established according to Rule 69.2 is: 13/06/2000.



Name and mailing address of the international 
preliminary examining authority: 

European Patent Office 

D-80298 Munich

Tel. +49 89 2399 - 0 Tx: 523656 epmu d
Fax: +49 89 2399 - 4465 



Authorized officer / Examiner 
Revellio, S



Formalities officer (incl. extension of time limits) 
Corcos, E 

Telephone No. +49 89 2399 7418 




Form PCT/IPEA/408 (cover sheet) (January 1994) 



WRITTEN OPINION 



International application No. PCT/IB99/00303 



I. Basis of the opinion 

1. This opinion has been drawn on the basis of (substitute sheets which have been furnished to the receiving Office
in response to an invitation under Article 14 are referred to in this opinion as "originally filed".):

Description, pages:

1-31 as originally filed

Claims, No.:

1-29 as originally filed

Drawings, sheets:

1/15-15/15 as originally filed

2. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets: 

3. This opinion has been established as if (some of) the amendments had not been made, since they have been 
considered to go beyond the disclosure as filed (Rule 70.2(c)): 

4. Additional observations, if necessary: 



V. Reasoned statement under Rule 66.2(a)(ii) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting such statement 

1. Statement 

Novelty (N) Claims 1, 2, 21-29

Inventive step (IS) Claims 3-20 

Industrial applicability (IA) Claims 

2. Citations and explanations 
see separate sheet 

Form PCT/IPEA/408 (Boxes I-VIII, Sheet 1) (January 1994)



WRITTEN OPINION 



International application No. PCT/IB99/00303



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 

VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 

see separate sheet 



Form PCT/IPEA/408 (Boxes I-VIII, Sheet 2) (January 1994)



WRITTEN OPINION 



International application No. PCT/IB99/00303 



SEPARATE SHEET 

The examination is being carried out on the following application documents:
Text for the Contracting States:

AT BE CH DE DK ES FI FR GB GR IT IE LI LU MC NL PT SE

Description, pages: 

1 -31 as originally filed 

Claims, No.: 

1 -29 as originally filed 

Drawings, sheets: 

1/15-15/15 as originally filed 



The following documents are referred to in this communication; the numbering will be
adhered to in the rest of the procedure:

D1: FR-A-2,732,537 
D2: EP-A-0 763 936 

Section V: 

1. Claims 1,21: 

Document D1 is regarded as being the closest prior art to the subject-matter of claim 1,
and insofar as this claim can be understood (see Section VIII below), this document 
shows (the references in parentheses applying to this document) a method of recording 
transmitted digital data in which transmitted digital information is encrypted and stored 
(see page 7 line 16-18) on a recording support medium and characterised in that an 
equivalent of the recording encryption key is encrypted and stored on the support 
medium together with the encrypted information (see ECM in fig. 2 and page 5, lines 7 
to 11). 



Form PCT/Separate Sheet/408 (Sheet i) (EPO- April 1997) 






Since all features of claim 1 are considered to be known from the prior art, the
subject-matter of claim 1 cannot be considered as being novel (Art. 33(2) PCT).

The features of the recording means of claim 21 correspond to the method steps of 
claim 1 in such a way that the objection with respect to novelty likewise applies against 
present claim 21 (Art. 33(2) PCT). 

2. Claims 2 to 20: 

The additional features of claim 2 to 20 are either known (see e.g. claim 2: control word 
information usable to descramble a scrambled data transmission; see deciphering key 
DCh1 in fig. 1 of document D1) from the prior art documents cited in the International 
Search Report or generally known in the technical field of cyphering and the inclusion 
of such features is regarded as part of the customary praxis the skilled person would 
consider in accordance with circumstances. 

Hence, the subject-matter of claims 2 to 20 is not considered to be novel or does not 
involve an inventive step as required by Articles 33(2) and (3) PCT. 

3. Claims 22 to 29: 

In as far as these claims can be understood (see Section VIII below) the following 
remarks are to be made: 

A portable security module of the type claimed in claim 22 comprising a recording 
encryption key and a recording transport key are considered to be known in the prior 
art (see document D2, smart card 221 in fig. 17 and col. 18, line 43 to col. 19 line 8). 

Hence, claim 22 cannot be allowed because of lack of novelty of the subject-matter 
claimed (Art.33(3) PCT). 

The objection raised with respect to claim 22 similarly applies mutatis mutandis to 
claims 23 to 29. 

Section VII: 






When a new set of claims is filed the applicants should ensure that at least the 
independent apparatus claim is drafted in the correct two-part form with all the features 
of the closest prior art document (at present document D1) being comprised in the 
generic part of the claim (Rule 6.3(b)(i) PCT) and with the remaining features being 
included in a characterising part (Rule 6.3(b)(ii) PCT). 



Section VIII: 

1. For the following reasons claims 1, 21 to 29 do not meet the conciseness
requirements of Article 6 PCT: 

Although these claims have been drafted as separate independent claims, they 
appear to relate effectively to the same subject-matter or at least having 
overlapping scope and differ from each other only with regard to the definition of 
the subject-matter for which protection is sought. The aforementioned claims 
therefore lack conciseness. Moreover, lack of clarity of the claims as a whole 
arises, since the plurality of independent claims makes it difficult, if not impossible, 
to determine the matter for which protection is sought, and places an undue
burden on others seeking to establish the extent of the protection.

In this case it appears that one independent method claim and one independent 
apparatus claim would be sufficient. 

2. Clarity (Art. 6 PCT): 

2.1 Claims 1 and 21: 

It is not clear in which way the recording encryption key and the transport key 
differ from each other, since both keys are stored on the support medium together 
with the encrypted information. In this context it is unclear what is to be
understood by "equivalent of the recording encryption key".

It is further unclear, whether the keys are transmitted together with the encrypted 
information or not. 




Therefore, claims 1 and 21 in their present form cannot be allowed because of 
lack of clarity (Art. 6 PCT). 

2.2 Claims 22 to 29: 

The subject-matter of claims 22 to 29 is considered to be undefined, since these 
claims do not comprise all essential features for carrying out the alleged invention 
(Art. 6 PCT). 



Miscellaneous: 

In order to meet the objections set out above, the Applicant is invited to file a set of
claims preferably including a single independent claim of each category defining the 
subject-matter for which protection is sought in the broadest sense. In particular, the 
features representing the alleged contribution of inventive significance to the art known 
from the documents cited in the International Search Report should be clearly and 
completely set out in each independent claim on file. 

The Applicant is requested to file amendments by way of replacement pages in the 
manner stipulated by Rule 66.8(a) PCT. In particular, fair copies of the amendments 
should be filed preferably in triplicate. 

In order to facilitate the examination of the conformity of the amended application with 
the requirements of Article 34(2)(b) PCT, the Applicant is invited to clearly identify the 
amendments carried out, no matter whether they concern amendments by addition,
replacement or deletion, and to indicate the passages of the application as filed on which
these amendments are based (see also Rule 66.8(a) PCT). 

If the Applicant regards it as appropriate these indications could be submitted in 
handwritten form on a copy of the relevant parts of the application as filed. 

The Applicant's attention is drawn to the fact that, as a consequence of Rule 66.8(a) 
PCT the examiner is not permitted to carry out any amendments under the PCT
procedure, however minor these may be.



Form PCT/Separate Sheet/408 (Sheet 4) (EPO- April 1997)



PATENT COOPERATION TREATY 



From the 

INTERNATIONAL PRELIMINARY EXAMINING AUTHORITY



To: 

COZENS, P. 
MATHYS & SQUIRE 
100 Gray's Inn Road 
London WC1X8AL 
GRANDE BRETAGNE 






PCT 






NOTIFICATION OF TRANSMITTAL OF 
THE INTERNATIONAL PRELIMINARY 
EXAMINATION REPORT 

(PCT Rule 71.1) 



Applicant's or agent's file reference
PDC/AB/21224 



Date of mailing 
(day/month/year) 



13.04.2000 



IMPORTANT NOTIFICATION 



International application No. 
PCT/IB99/00303 



International filing date (day/month/year) 
11/02/1999 



Priority date (day/month/year) 
13/02/1998 



Applicant 

CANAL+ SOCIETE ANONYME et al. 



1 . The applicant is hereby notified that this International Preliminary Examining Authority transmits herewith the 
international preliminary examination report and its annexes, if any, established on the international application. 

2. A copy of the report and its annexes, if any, is being transmitted to the International Bureau for communication 
to all the elected Offices. 

3. Where required by any of the elected Offices, the International Bureau will prepare an English translation of the 
report (but not of any annexes) and will transmit such translation to those Offices. 

4. REMINDER 

The applicant must enter the national phase before each elected Office by performing certain acts (filing 
translations and paying national fees) within 30 months from the priority date (or later in some Offices) (Article 
39(1)) (see also the reminder sent by the International Bureau with Form PCT/IB/301). 

Where a translation of the international application must be furnished to an elected Office, that translation must 
contain a translation of any annexes to the international preliminary examination report. It is the applicant's 
responsibility to prepare and furnish such translation directly to each elected Office concerned. 

For further details on the applicable time limits and requirements of the elected Offices, see Volume II of the 
PCT Applicant's Guide. 



Name and mailing address of the IPEA/ 



European Patent Office 
D-80298 Munich

Tel. +49 89 2399 - 0 Tx: 523656 epmu d
Fax: +49 89 2399 - 4465 



Authorized officer 
Stannartz, B 

Tel.+49 89 2399-8242 



Form PCT/IPEA/416 (July 1992)



PATENT COOPERATION TREATY

PCT 

INTERNATIONAL PRELIMINARY EXAMINATION REPORT 

(PCT Article 36 and Rule 70) 



Applicant's or agent's file reference
PDC/AB/21224 



FOR FURTHER ACTION 



See Notification of Transmittal of International 
Preliminary Examination Report (Form PCT/IPEA/416) 



International application No. 
PCT/IB99/00303 



International filing date (day/month/year) 
11/02/1999 



Priority date (day/month/year) 
13/02/1998 



International Patent Classification (IPC) or national classification and IPC 
H04N5/913 



Applicant 

CANAL+ SOCIETE ANONYME et al. 



1 . This international preliminary examination report has been prepared by this International Preliminary Examining Authority 
and is transmitted to the applicant according to Article 36. 

2. This REPORT consists of a total of 6 sheets, including this cover sheet. 

□ This report is also accompanied by ANNEXES, i.e. sheets of the description, claims and/or drawings which have 
been amended and are the basis for this report and/or sheets containing rectifications made before this Authority
(see Rule 70.16 and Section 607 of the Administrative Instructions under the PCT). 

These annexes consist of a total of sheets. 



3. This report contains indications relating to the following items: 



I          Basis of the report
II    [ ]
III   [ ]
IV    [ ]
V          Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability;
           citations and explanations supporting such statement
VI    [ ]
VII
VIII



Date of submission of the demand 
04/08/1999 


Date of completion of this report 
13.04.2000 


Name and mailing address of the international 
preliminary examining authority: 

European Patent Office

D-80298 Munich

Tel. +49 89 2399 - 0 Tx: 523656 epmu d 

Fax: +49 89 2399 - 4465 


Authorized officer 

Revellio, S

Telephone No. +49 89 2399 8973 



Form PCT/IPEA/409 (cover sheet) (January 1994) 



INTERNATIONAL PRELIMINARY 
EXAMINATION REPORT 



International application No. PCT/IB99/00303 



I. Basis of the report 

1. This report has been drawn on the basis of (substitute sheets which have been furnished to the receiving Office in
response to an invitation under Article 14 are referred to in this report as "originally filed" and are not annexed to
the report since they do not contain amendments):

Description, pages:

1-31 as originally filed

Claims, No.:

1-29 as originally filed

Drawings, sheets: 

1/15-15/15 as originally filed 



2. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets: 

3. □ This report has been established as if (some of) the amendments had not been made, since they have been
considered to go beyond the disclosure as filed (Rule 70.2(c)):



4. Additional observations, if necessary: 



Form PCT/IPEA/409 (Boxes l-VIII. Sheet 1) (January 1994) 



INTERNATIONAL PRELIMINARY 
EXAMINATION REPORT 




International application No. PCT/IB99/00303 



V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting such statement 



1. Statement 



Novelty (N) Yes: Claims 

No: Claims 1,2,21-29 

Inventive step (IS) Yes: Claims 

No: Claims 3-20 

Industrial applicability (IA) Yes: Claims 1-29

No: Claims 



2. Citations and explanations 



see separate sheet 



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 

VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the
claims are fully supported by the description, are made:

see separate sheet 



Form PCT/IPEA/409 (Boxes I-VIII, Sheet 2) (January 1994)



INTERNATIONAL PRELIMINARY EXAMINATION REPORT - SEPARATE SHEET
International application No. PCT/IB99/00303



The following documents are referred to in this communication; the numbering will be 
adhered to in the rest of the procedure: 

D1: FR-A-2,732,537 
D2: EP-A-0 763 936 

Section V: 

1. Claims 1,21: 

Document D1 is regarded as being the closest prior art to the subject-matter of claim 1,
and insofar as this claim can be understood (see Section VIII below), this document 
shows (the references in parentheses applying to this document) a method of recording 
transmitted digital data in which transmitted digital information is encrypted and stored 
(see page 7 line 16-18) on a recording support medium and characterised in that an 
equivalent of the recording encryption key is encrypted and stored on the support 
medium together with the encrypted information (see ECM in fig. 2 and page 5, lines 7 
to 11). 

Since all features of claim 1 are considered to be known from the prior art, the 
requirements with respect to novelty are not met (Art. 33(2) PCT). 

The features of the recording means of claim 21 correspond to the method steps of 
claim 1 in such a way that the objection with respect to novelty likewise applies against 
present claim 21 (Art. 33(2) PCT). 

2. Claims 2 to 20: 

The additional features of claim 2 to 20 are either known (see e.g. claim 2: control word 
information usable to descramble a scrambled data transmission; see deciphering key 
DCh1 in fig. 1 of document D1) from the prior art documents cited in the International 
Search Report or generally known in the technical field of cyphering and the inclusion 
of such features is regarded as part of the customary praxis the skilled person would 
consider in accordance with circumstances. 

Hence, the subject-matter of claims 2 to 20 is not considered to be novel or does not
involve an inventive step as required by Articles 33(2) and (3) PCT. 

3. Claims 22 to 29: 

In as far as these claims can be understood (see Section VIII below) the following 
remarks are to be made: 

A portable security module of the type claimed in claim 22 comprising a recording 
encryption key and a recording transport key are considered to be known in the prior 
art (see document D2, smart card 221 in fig. 17 and col. 18, line 43 to col. 19 line 8). 

Hence, claim 22 cannot be allowed because of lack of novelty of the subject-matter 
claimed (Art.33(2) PCT). 

The objection raised with respect to claim 22 similarly applies mutatis mutandis to 
claims 23 to 29. 

4. The claims have industrial applicability as required in accordance with Art. 33(4) 
PCT since the subject-matter claimed can be made or used in industry. 



Section VII: 

The claims are not in the two-part form with all the features of the closest prior art 
document (at present document D1) being comprised in the generic part of the claim 
(Rule 6.3(b)(i) PCT) and with the remaining features being included in a characterising 
part (Rule 6.3(b)(ii) PCT). 

Section VIII: 

1. For the following reasons claims 1, 21 to 29 do not meet the conciseness
requirements of Article 6 PCT:

Although these claims have been drafted as separate independent claims, they
appear to relate effectively to the same subject-matter or at least having 
overlapping scope and differ from each other only with regard to the definition of 
the subject-matter for which protection is sought. The aforementioned claims 
therefore lack conciseness. Moreover, lack of clarity of the claims as a whole 
arises, since the plurality of independent claims makes it difficult, if not impossible, 
to determine the matter for which protection is sought, and places an undue
burden on others seeking to establish the extent of the protection.

In this case it appears that one independent method claim and one independent 
apparatus claim would be sufficient. 

2. Clarity (Art. 6 PCT): 

2.1 Claims 1 and 21: 

It is not clear in which way the recording encryption key and the transport key 
differ from each other, since both keys are stored on the support medium together 
with the encrypted information. In this context it is unclear what is to be
understood by "equivalent of the recording encryption key".

It is further unclear, whether the keys are transmitted together with the encrypted 
information or not. 

Therefore, the requirements with respect to clarity are not met for claims 1 and 21 
(Art. 6 PCT). 

2.2 Claims 22 to 29: 

The subject-matter of claims 22 to 29 is considered to be undefined, since these 
claims do not comprise all essential features for carrying out the alleged invention 
(Art. 6 PCT).

METHOD AND APPARATUS FOR RECORDING OF ENCRYPTED DIGITAL DATA

The present invention relates to a method and apparatus for recording scrambled 
digital data, for example television broadcasts. 

Transmission of encrypted data is well-known in the field of pay TV systems, where 
scrambled audiovisual information is broadcast typically by satellite to a number of 
subscribers, each subscriber possessing a decoder or integrated receiver/decoder 
(IRD) capable of descrambling the transmitted program for subsequent viewing. 

In a typical system, scrambled digital data is transmitted together with a control word 
for descrambling of the digital data, the control word itself being encrypted by an 
exploitation key and transmitted in encrypted form. A decoder receives the scrambled
digital data and encrypted control word, and uses an equivalent of the exploitation
key to decrypt the encrypted control word and thereafter descramble the transmitted
data. A paid-up subscriber will receive periodically the exploitation key necessary 
to decrypt the encrypted control word so as to permit viewing of a particular 
program. 

With the advent of digital technology, the quality of the transmitted data has increased 
many times over. A particular problem associated with digital quality data lies in its 
ease of reproduction. Where a descrambled program is passed via an analogue link 
(e.g. the "Peritel" link) for viewing and recording by a standard VCR, the quality
remains no greater than that associated with a standard analogue cassette recording.
The risk that such a recording may be used as a master tape to make pirate copies is
thus no greater than with a standard shop-bought analogue cassette.

By way of contrast, any descrambled digital data passed by a direct digital link to one 
of the new generation of digital recording devices (for example, a DVHS recorder) 
will be of the same quality as the originally transmitted program and may thus be 
reproduced any number of times without any degradation of image or sound quality.
There is therefore a considerable risk that the descrambled data will be used as a
master recording to make pirate copies. 

French Patent Application 95 03859 shows one way of overcoming this problem, by 
means of a system in which descrambled digital data is never allowed to be recorded
on the digital recording medium. Instead, the decoder described in this application 
forwards the data for recordal on the support medium in its scrambled form. The 
control word necessary to descramble the data is re-encrypted by means of another 
key and stored on the recording support with the scrambled data. This new key is 
known only to the receiver/decoder and replaces the exploitation key needed to obtain
the control word for viewing of the program. 

The advantage of such a system is that the data is never stored in a "clear" form
and cannot be viewed without possession of the new key, stored in the decoder. The
system also possesses the advantage that, since the exploitation key changes on a
monthly basis, the use of a key chosen by the decoder to re-encrypt the control word 
registered on the digital tape means that the decoder will still be able to decrypt the 
control word recorded on the tape even after the end of a subscription month. 

The disadvantage of the system proposed in this previous patent application is that the
recording can only be viewed in conjunction with that particular decoder. If that 
decoder breaks down, or is replaced, the recording can no longer be replayed. 
Equally, it is not possible to play the recording directly in a digital recorder without 
connecting the decoder in the system. 

It is an object of the present invention in its broadest and specific aspects to overcome 
some or all of the problems associated with this known solution. 

According to the present invention, there is provided a method of recording 
transmitted digital data in which transmitted digital information is encrypted by a
recording encryption key and stored by a recording means on a recording support 
medium and characterised in that an equivalent of the recording encryption key is 
encrypted by a recording transport key and stored on the support medium together
with the encrypted information. 

The advantage of this method lies in the fact that the specific encryption key used to 
encrypt the information is itself permanently recorded with the associated encrypted
information. In order to facilitate future access, and as will be described below, one 
or more safeguard copies of the recording transport key may be stored at another 
location than in the recorder. 

In one embodiment, the information encrypted by the recording encryption key
comprises control word information usable to descramble a scrambled data 
transmission also recorded on the support medium. Other embodiments are 
conceivable, for example, in which the encrypted information corresponds simply to 
transmitted data that will be ultimately read or displayed, e.g. the audiovisual
information itself rather than a control word used to descramble it.

In one embodiment, the recording encryption key and/or recording transport key are 
stored on a portable security module associated with the recording means. This may 
comprise, for example, any convenient microprocessor and/or memory card device, 
such as a PCMCIA or PC card, a smart card, a SIM card etc. In alternative
realisations, the keys may be stored in a security module permanently embodied in 
the recording means. 

Unless explicitly limited to a portable or integrated device it is to be understood that 
all references to a "security module" cover both possible realisations.

In one embodiment, the transmitted information is encrypted prior to transmission and 
received by a decoder means before being communicated to the recording means. 
The decoder may be physically separate or combined with the recording means. As 
will be explained in further detail below, the transmitted information may be in some
cases processed and/or reencrypted by the decoder before being communicated to the 
recording means.

The decoder means may itself be associated with a portable security module used to
store transmission access control keys used to decrypt the transmitted encrypted 
information. In some embodiments, this may be distinct from the portable security 
module associated with the recording means. However, in the case of an integrated 
decoder/recorder, for example, the same security module may be used to hold all
keys. 

In one embodiment, the recording encryption key and/or recording transport key 
function in accordance with a first encryption algorithm and the transmission access 
control keys function in accordance with a second encryption algorithm.

For example, the recording encryption and transport keys may use the symmetric 
DES algorithm, whilst the transmission keys function in accordance with a customised 
algorithm, unique to the broadcast access control system. This enables the system 
manager to retain control over the algorithm chosen for the transmission keys whilst
allowing a generic algorithm to be used for the keys relating to a recording. 

In one embodiment, the recording transport key is generated at a central recording 
authorisation unit and a copy of this key communicated to the recording means. In 
the event of loss or destruction of the key support associated with the recording
means a backup copy or at least the means to generate the transport key will at all 
times be present at the central recording authorisation unit. 

For security reasons, the recording transport key is preferably encrypted by a further 
encryption key prior to being communicated to the recording means. This further
encryption key may be based, for example, on an encryption key common to all 
recorder security modules diversified by the serial number of the security module, 
such that only that security module can read the message. 
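The key wrapping and backup described in the preceding paragraphs, as an added Python sketch that is not part of the patent text: control words are sealed under a recording encryption key, that key is sealed under the recording transport key and stored with the recording, and the transport key retained by the central unit is re-issued to a replacement module under that module's serial-diversified key. The class and function names, the serial numbers and the HMAC-SHA256 stand-in for DES are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumption: the page names DES for the recording keys. The standard library
# has no block cipher, so an HMAC-SHA256 keystream with encrypt-then-MAC
# stands in for it here.

def subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(enc_key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Encrypt and authenticate: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = keystream(subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def diversify(common_key, serial):
    """Key common to all recorder modules, diversified by one module's serial number."""
    return hmac.new(common_key, b"diversify:" + serial, hashlib.sha256).digest()

class AuthorisationUnit:
    """Central recording authorisation unit: generates and retains transport keys."""
    def __init__(self, common_key):
        self.common_key = common_key
        self.transport_keys = {}            # subscriber -> recording transport key

    def issue(self, subscriber, serial):
        rt = self.transport_keys.setdefault(subscriber, os.urandom(32))
        return seal(diversify(self.common_key, serial), rt)

class RecorderModule:
    """Security module of the recording means; holds only its own diversified key."""
    def __init__(self, unique_key):
        self.unique_key = unique_key
        self.transport_key = None

    def load_transport_key(self, message):
        self.transport_key = unseal(self.unique_key, message)

    def record(self, control_words):
        e = os.urandom(32)  # recording encryption key (assumed fresh per recording)
        return {"key_block": seal(self.transport_key, e),
                "ecms": [seal(e, cw) for cw in control_words]}

    def replay(self, medium):
        e = unseal(self.transport_key, medium["key_block"])
        return [unseal(e, ecm) for ecm in medium["ecms"]]

def demo():
    common = os.urandom(32)
    unit = AuthorisationUnit(common)
    card_a = RecorderModule(diversify(common, b"SN-0001"))   # constructed serials
    card_a.load_transport_key(unit.issue("subscriber-1", b"SN-0001"))
    control_words = [os.urandom(8) for _ in range(3)]
    medium = card_a.record(control_words)

    # Card A is lost. Replacement card B cannot read a message addressed to A...
    card_b = RecorderModule(diversify(common, b"SN-0002"))
    try:
        card_b.load_transport_key(unit.issue("subscriber-1", b"SN-0001"))
        misdelivery_accepted = True
    except ValueError:
        misdelivery_accepted = False
    # ...but the retained transport key, re-issued under B's own key, restores replay.
    card_b.load_transport_key(unit.issue("subscriber-1", b"SN-0002"))
    return card_b.replay(medium) == control_words, misdelivery_accepted

if __name__ == "__main__":
    print(demo())
```

The recording itself never changes when the module is replaced: only the small transport-key message is re-issued, which is what makes the central backup copy sufficient for recovery.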

In the case where the system comprises a receiver/decoder physically separate from
the recording means it may be desirable for the recording means to possess the same
access rights as the receiver/decoder, for example to permit the receiver/decoder to
simply forward the data stream "as is" to the recorder for processing.

Accordingly, in one embodiment, a central access control system communicates 
transmission access control keys to a portable security module associated with the 
recording means. These may comprise, for example, a double of the keys normally 
held by the portable security module associated with the decoder and which are used 
to descramble transmissions. 



In this embodiment, the recording means directly descrambles transmitted information 
using the transmission access keys prior to re-encryption of the information by the 
recording encryption key and storage on the support medium. 

In a similar manner as with the communication of the transport key, the central access 
control system preferably encrypts the broadcast access control keys by a further 
encryption key prior to their communication to the recording means. This further 
encryption key may equally comprise an audience key common to all security 
modules diversified by the serial number of the recording means. 



In order to enable the central access control system to correctly identify the broadcast 
access keys that need to be forwarded to the recording means, the recording means 
preferably sends a request to the central access control system including information 
identifying the broadcast access keys needed, the request being authentified by the 
recording means using a key unique to the recording means. This may correspond, 
for example, to the key used to encrypt communications from the central access 
control system to the recording means. 

In the above realisations of the invention, a number of diverse embodiments have 
been described, in particular in which a central recording authorisation unit generates 
and maintains a copy of the recording transport keys and in which a central access 
control system sends a duplicate set of transmission access control keys to the 
recording means. Alternative embodiments are possible.

For example, in one embodiment comprising a decoder means and associated security
module and a recording means and associated security module, a copy of the 
recording transport key is stored in the security module associated with either or both 
decoder means or recorder means. In this way, a backup key for decrypting a 
recording will always be available even in the event of destruction or loss of the other
security module. In particular, a copy of the recording transport key may most 
usefully be stored in the decoder security module. 

The recording transport key may be generated, for example, by the recording means 
security module and communicated to the decoder means security module or vice
versa. For security reasons, the recording transport key is preferably encrypted 
before communication to the decoder security module and decrypted by a key unique 
to the security module receiving the recording transport key. 

This unique key and its equivalent may be embedded in the respective security
modules at the moment of their creation. However, alternatively, the decoder 
security module and recording security module carry out a mutual authorisation 
process, the unique decryption key being passed to the other security module from 
the encrypting security module depending on the results of the mutual authorisation. 

In one embodiment, the mutual authorisation step is carried out using, inter alia, an 
audience key known to both security modules. This may be, for example, a generic 
key known to all decoders and recorders and diversified by the serial number of each 
module. 

In a further development of this double security module embodiment, the decoder 
means security module possesses transmission access control keys to decrypt the 
transmitted information in an encrypted form and a session key to re-encrypt the 
information prior to communication to the recording means security module, the 
recording means security module possessing an equivalent of the session key to
decrypt the information prior to encryption by the recording transport key.

This session key may be generated by the decoder means security module or
recording means security module and communicated to the other module in encrypted 
form using an encryption key uniquely decryptable by the other security module. 

The present invention extends to a recording means for use in the above method, a
decoder means and a portable security module for use in each. 

The terms "scrambled" and "encrypted" and "control word" and "key" have been 
used at various parts in the text for the purpose of clarity of language. However, it
will be understood that no fundamental distinction is to be made between "scrambled
data" and "encrypted data" or between a "control word" and a "key". Similarly, the 
term "equivalent key" is used to refer to a key adapted to decrypt data encrypted by 
a first mentioned key, or vice versa. Unless obligatory in view of the context or 
unless otherwise specified, no general distinction is made between keys associated
with symmetric algorithms and those associated with public/private algorithms.

The term "receiver/decoder" or "decoder" used herein may connote a receiver for 
receiving either encoded or non-encoded signals, for example, television and/or radio 
signals, which may be broadcast or transmitted by some other means. The term may
also connote a decoder for decoding received signals. Embodiments of such
receiver/decoders may include a decoder integral with the receiver for decoding the
received signals, for example, in a "set-top box", such a decoder functioning in
combination with a physically separate receiver, or such a decoder including
additional functions, such as a web browser or integrated with other devices such as
a video recorder or a television.

As used herein, the term "digital transmission system" includes any transmission 
system for transmitting or broadcasting for example primarily audiovisual or 
multimedia digital data. Whilst the present invention is particularly applicable to a 
broadcast digital television system, the invention may also be applicable to a fixed
telecommunications network for multimedia internet applications, to a closed circuit
television, and so on.

As used herein, the term "digital television system" includes for example any
satellite, terrestrial, cable and other system. 

There will now be described, by way of example only, a number of embodiments of 
the invention, with reference to the following figures, in which:

Figure 1 shows the overall architecture of a digital TV system according to this 
embodiment; 

Figure 2 shows the architecture of the conditional access system of Figure 1;

Figure 3 shows the encryption levels in the conditional access system; 

Figure 4 shows the layout of a decoder and digital recording device according to this 
embodiment;

Figure 5 shows in schematic form the organisation of zones within the memory cards 
associated with the decoder and recorder of Figure 4; 

Figures 6 and 7 show the steps in the preparation of messages for communication
between the decoder card and a centralised server in this first embodiment; 

Figure 8 shows the cryptology architecture of the decoder card in generating a 
recording encryption key according to this first embodiment; 

Figures 9 and 10 show the preparation of ECM and EMM messages for recordal on 
the digital recording support according to this first embodiment; 

Figure 11 shows the decryption steps associated with the replay of a recording in this
first embodiment;

Figure 12 shows in schematic form the organisation of zones within the memory cards
of the decoder and recording device according to a second embodiment of the
invention; 

Figures 13 and 14 show the initial mutual authorisation steps and transfer of data 
between the decoder memory card and the recorder memory card according to this 
second embodiment; 

Figure 15 shows the creation and communication of a session key to be used by both 
memory cards during recording of a programme in this second embodiment; 

Figure 16 shows the operation of the recorder card to generate a recording encryption 
key in this second embodiment; 

Figure 17 shows the treatment of transmission ECMs by the decoder card in order 
to communicate the control word CW in encrypted form to the recorder card in this 
second embodiment; 

Figures 18 and 19 show the preparation of ECM and EMM messages for recordal on 
the digital recording support according to this second embodiment; and 

Figure 20 shows communication between a decoder card and recorder card. 

An overview of a digital television broadcast and reception system 1 is shown in 
Figure 1. The invention includes a mostly conventional digital television system 2 
which uses the MPEG-2 compression system to transmit compressed digital signals. 
In more detail, MPEG-2 compressor 3 in a broadcast centre receives a digital signal 
stream (for example a stream of audio or video signals). The compressor 3 is 
connected to a multiplexer and scrambler 4 by linkage 5. The multiplexer 4 receives 
a plurality of further input signals, assembles one or more transport streams and 
transmits compressed digital signals to a transmitter 6 of the broadcast centre via 
linkage 7, which can of course take a wide variety of forms including telecom links. 



The transmitter 6 transmits electromagnetic signals via uplink 8 towards a satellite 
transponder 9, where they are electronically processed and broadcast via a notional
downlink 10 to earth receiver 11, conventionally in the form of a dish owned or 
rented by the end user. The signals received by receiver 11 are transmitted to an 
integrated receiver/decoder 12 owned or rented by the end user and connected to the 
end user's television set 13. The receiver/decoder 12 decodes the compressed
MPEG-2 signal into a television signal for the television set 13. 

A conditional access system 20 is connected to the multiplexer 4 and the 
receiver/decoder 12, and is located partly in the broadcast centre and partly in the
decoder. It enables the end user to access digital television broadcasts from one or
more broadcast suppliers. A smartcard, capable of decrypting messages relating to 
commercial offers (that is, one or several television programmes sold by the broadcast 
supplier), can be inserted into the receiver/decoder 12. Using the decoder 12 and 
smartcard, the end user may purchase events in either a subscription mode or a
pay-per-view mode.

An interactive system 17, also connected to the multiplexer 4 and the 
receiver/decoder 12 and again located partly in the broadcast centre and partly in the 
decoder, may be provided to enable the end user to interact with various applications 
via a modemmed back channel 16.

The conditional access system 20 will now be described in more detail. With 
reference to Figure 2, in overview the conditional access system 20 includes a 
Subscriber Authorization System (SAS) 21. The SAS 21 is connected to one or more
Subscriber Management Systems (SMS) 22, one SMS for each broadcast supplier, by
a respective TCP-IP linkage 23 (although other types of linkage could alternatively 
be used). Alternatively, one SMS could be shared between two broadcast suppliers, 
or one supplier could use two SMSs, and so on. 

First encrypting units in the form of ciphering units 24 utilising "mother" smartcards
25 are connected to the SAS by linkage 26. Second encrypting units again in the 
form of ciphering units 27 utilising mother smartcards 28 are connected to the 
multiplexer 4 by linkage 29. The receiver/decoder 12 receives a portable security
module, for example in the form of "daughter" smartcard 30. It is connected directly 
to the SAS 21 by Communications Servers 31 via the modemmed back channel 16. 
The SAS sends, amongst other things, subscription rights to the daughter smartcard 
on request.

The smartcards contain the secrets of one or more commercial operators. The 
"mother" smartcard encrypts different kinds of messages and the "daughter" 
smartcards decrypt the messages, if they have the rights to do so. 

The first and second ciphering units 24 and 27 comprise a rack, an electronic VME 
card with software stored on an EEPROM, up to 20 electronic cards and one 
smartcard 25 and 28 respectively, for each electronic card, one card 28 for encrypting
the ECMs and one card 25 for encrypting the EMMs. 

The operation of the conditional access system 20 of the digital television system will 
now be described in more detail with reference to the various components of the 
television system 2 and the conditional access system 20. 

Multiplexer and Scrambler

With reference to Figures 1 and 2, in the broadcast centre, the digital audio or video 
signal is first compressed (or bit rate reduced), using the MPEG-2 compressor 3. 
This compressed signal is then transmitted to the multiplexer and scrambler 4 via the 
linkage 5 in order to be multiplexed with other data, such as other compressed data.

The scrambler generates a control word used in the scrambling process and included 
in the MPEG-2 stream in the multiplexer. The control word is generated internally 
and enables the end user's integrated receiver/decoder 12 to descramble the 
programme.

Access criteria, indicating how the programme is commercialised, are also added to 
the MPEG-2 stream. The programme may be commercialised in either one of a
number of "subscription" modes and/or one of a number of "Pay Per View" (PPV) 
modes or events. In the subscription mode, the end user subscribes to one or more 
commercial offers, or "bouquets", thus getting the rights to watch every channel 
inside those bouquets. In the preferred embodiment, up to 960 commercial offers
may be selected from a bouquet of channels. 

In the Pay Per View mode, the end user is provided with the capability to purchase 
events as he wishes. This can be achieved by either pre-booking the event in advance 
("pre-book mode"), or by purchasing the event as soon as it is broadcast ("impulse
mode"). In the preferred embodiment, all users are subscribers, whether or not they 
watch in subscription or PPV mode, but of course PPV viewers need not necessarily 
be subscribers. 

Entitlement Control Messages

Both the control word and the access criteria are used to build an Entitlement Control 
Message (ECM). This is a message sent in relation with a scrambled program; the 
message contains a control word (which allows for the descrambling of the program)
and the access criteria of the broadcast program. The access criteria and control
word are transmitted to the second encrypting unit 27 via the linkage 29. In this unit, 
an ECM is generated, encrypted and transmitted on to the multiplexer and scrambler 
4. During a broadcast transmission, the control word typically changes every few 
seconds, and so ECMs are also periodically transmitted to enable the changing control
word to be descrambled. For redundancy purposes, each ECM typically includes two
control words; the present control word and the next control word. 

Each service broadcast by a broadcast supplier in a data stream comprises a number 
of distinct components; for example a television programme includes a video 
component, an audio component, a sub-title component and so on. Each of these
components of a service is individually scrambled and encrypted for subsequent
broadcast to the transponder 9. In respect of each scrambled component of the
service, a separate ECM is required. Alternatively, a single ECM may be required
for all of the scrambled components of a service. Multiple ECMs are also generated 
in the case where multiple conditional access systems control access to the same 
transmitted program. 

Entitlement Management Messages (EMMs) 

The EMM is a message dedicated to an individual end user (subscriber), or a group 
of end users. Each group may contain a given number of end users. This 
organisation as a group aims at optimising the bandwidth; that is, access to one group
can permit the reaching of a great number of end users. 

Various specific types of EMM can be used. Individual EMMs are dedicated to 
individual subscribers, and are typically used in the provision of Pay Per View 
services; these contain the group identifier and the position of the subscriber in that
group. 

Group subscription EMMs are dedicated to groups of, say, 256 individual users, and 
are typically used in the administration of some subscription services. This EMM 
has a group identifier and a subscribers' group bitmap.

Audience EMMs are dedicated to entire audiences, and might for example be used 
by a particular operator to provide certain free services. An "audience" is the totality 
of subscribers having smartcards which bear the same conditional access system 
identifier (CA ID). Finally, a "unique" EMM is addressed to the unique identifier
of the smartcard. 
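The four EMM addressing modes described above, as an added Python sketch of the filter a smartcard could apply to decide whether an EMM is meant for it (not part of the patent text). The byte layout, field widths, type codes and the presence of the CA ID in every EMM are assumptions of this example; the page specifies only which fields each type carries.

```python
import struct
from collections import namedtuple

# Card identity as seen by the filter (field names are assumptions).
Card = namedtuple("Card", "ca_id unique_id group_id position")

# Hypothetical wire layout (not given on the page), all fields big-endian:
#   type(1) ca_id(2), then by type:
#   UNIQUE:     unique_id(6)
#   INDIVIDUAL: group_id(3) position(1)
#   GROUP:      group_id(3) bitmap(32)  -> 256 subscribers, bit i = position i
#   AUDIENCE:   nothing further
UNIQUE, INDIVIDUAL, GROUP, AUDIENCE = range(4)
GROUP_SIZE = 256

def build_emm(kind, ca_id, unique_id=0, group_id=0, position=0, positions=()):
    """Build the addressing header of an EMM (payload omitted)."""
    head = struct.pack(">BH", kind, ca_id)
    if kind == UNIQUE:
        return head + unique_id.to_bytes(6, "big")
    if kind == INDIVIDUAL:
        return head + group_id.to_bytes(3, "big") + bytes([position])
    if kind == GROUP:
        bitmap = bytearray(GROUP_SIZE // 8)
        for p in positions:
            bitmap[p // 8] |= 0x80 >> (p % 8)
        return head + group_id.to_bytes(3, "big") + bytes(bitmap)
    if kind == AUDIENCE:
        return head
    raise ValueError("unknown EMM type")

def addressed_to(card, emm):
    """True if this card should process the EMM; malformed EMMs are dropped."""
    if len(emm) < 3:
        return False
    kind, ca_id = struct.unpack(">BH", emm[:3])
    body = emm[3:]
    if ca_id != card.ca_id:
        return False
    if kind == AUDIENCE:
        return len(body) == 0
    if kind == UNIQUE:
        return len(body) == 6 and int.from_bytes(body, "big") == card.unique_id
    if kind == INDIVIDUAL:
        return (len(body) == 4
                and int.from_bytes(body[:3], "big") == card.group_id
                and body[3] == card.position)
    if kind == GROUP:
        if len(body) != 3 + GROUP_SIZE // 8:
            return False
        if int.from_bytes(body[:3], "big") != card.group_id:
            return False
        bitmap = body[3:]
        return bool(bitmap[card.position // 8] & (0x80 >> (card.position % 8)))
    return False

def recipients(cards, emm):
    """Unique identifiers of the cards that accept this EMM, in input order."""
    return [c.unique_id for c in cards if addressed_to(c, emm)]

if __name__ == "__main__":
    # Constructed population: one full group of 256 cards plus two outsiders.
    cards = [Card(0x0100, 1000 + i, 7, i) for i in range(GROUP_SIZE)]
    cards += [Card(0x0100, 5000, 8, 3), Card(0x0200, 6000, 7, 3)]
    group_emm = build_emm(GROUP, 0x0100, group_id=7, positions=[0, 3, 255])
    print(len(group_emm), recipients(cards, group_emm))
```

Under this layout a single 38-byte group header can address any subset of 256 subscribers, which is the bandwidth saving the group organisation is aiming at.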

EMMs may be generated by the various operators to control access to rights 
associated with the programs transmitted by the operators as outlined above. EMMs 
may also be generated by the conditional access system manager to configure aspects
of the conditional access system in general.

Programme Transmission

The multiplexer 4 receives electrical signals comprising encrypted EMMs from the 
SAS 21, encrypted ECMs from the second encrypting unit 27 and compressed 
programmes from the compressor 3. The multiplexer 4 scrambles the programmes
and sends the scrambled programmes, the encrypted EMMs and the encrypted ECMs 
to a transmitter 6 of the broadcast centre via the linkage 7. The transmitter 6 
transmits electromagnetic signals towards the satellite transponder 9 via uplink 8. 

Programme Reception

The satellite transponder 9 receives and processes the electromagnetic signals 
transmitted by the transmitter 6 and transmits the signals on to the earth receiver 11,
conventionally in the form of a dish owned or rented by the end user, via downlink
10. The signals received by receiver 11 are transmitted to the integrated
receiver/decoder 12 owned or rented by the end user and connected to the end user's 
television set 13. The receiver/decoder 12 demultiplexes the signals to obtain 
scrambled programmes with encrypted EMMs and encrypted ECMs. 

If the programme is not scrambled, that is, no ECM has been transmitted with the
MPEG-2 stream, the receiver/decoder 12 decompresses the data and transforms the 
signal into a video signal for transmission to television set 13. 

If the programme is scrambled, the receiver/decoder 12 extracts the corresponding 
ECM from the MPEG-2 stream and passes the ECM to the "daughter" smartcard 30
of the end user. This slots into a housing in the receiver/decoder 12. The daughter 
smartcard 30 controls whether the end user has the right to decrypt the ECM and to 
access the programme. If not, a negative status is passed to the receiver/decoder 12 
to indicate that the programme cannot be descrambled. If the end user does have the 
rights, the ECM is decrypted and the control word extracted. The decoder 12 can
then descramble the programme using this control word. The MPEG-2 stream is
decompressed and translated into a video signal for onward transmission to television
set 13.

Subscriber Management System (SMS) 

A Subscriber Management System (SMS) 22 includes a database 32 which manages,
amongst others, all of the end user files, commercial offers, subscriptions, PPV 
details, and data regarding end user consumption and authorization. The SMS may 
be physically remote from the SAS. 

Each SMS 22 transmits messages to the SAS 21 via respective linkage 23 which
imply modifications to or creations of Entitlement Management Messages (EMMs) 
to be transmitted to end users. 

The SMS 22 also transmits messages to the SAS 21 which imply no modifications or 
creations of EMMs but imply only a change in an end user's state (relating to the
authorization granted to the end user when ordering products or to the amount that
the end user will be charged).

The SAS 21 sends messages (typically requesting information such as call-back 
information or billing information) to the SMS 22, so that it will be apparent that
communication between the two is two-way. 

Subscriber Authorization System (SAS) 

The messages generated by the SMS 22 are passed via linkage 23 to the Subscriber
Authorization System (SAS) 21, which in turn generates messages acknowledging 
receipt of the messages generated by the SMS 21 and passes these acknowledgements 
to the SMS 22. 

In overview the SAS comprises a Subscription Chain area to give rights for 
subscription mode and to renew the rights automatically each month, a Pay Per View 
Chain area to give rights for PPV events, and an EMM Injector for passing EMMs 
created by the Subscription and PPV chain areas to the multiplexer and scrambler 4,
and hence to feed the MPEG stream with EMMs. If other rights are to be granted, 
such as Pay Per File (PPF) rights in the case of downloading computer software to 
a user's Personal Computer, other similar areas are also provided. 

One function of the SAS 21 is to manage the access rights to television programmes, 
available as commercial offers in subscription mode or sold as PPV events according 
to different modes of commercialisation (pre-book mode, impulse mode). The SAS 
21, according to those rights and to information received from the SMS 22, generates 
EMMs for the subscriber.

The EMMs are passed to the Ciphering Unit (CU) 24 for ciphering with respect to 
the management and exploitation keys. The CU completes the signature on the EMM 
and passes the EMM back to a Message Generator (MG) in the SAS 21, where a 
header is added. The EMMs are passed to a Message Emitter (ME) as complete
EMMs. The Message Generator determines the broadcast start and stop time and the 
rate of emission of the EMMs, and passes these as appropriate directions along with 
the EMMs to the Message Emitter. The MG only generates a given EMM once; it 
is the ME which performs cyclic transmission of the EMMs. 

On generation of an EMM, the MG assigns a unique identifier to the EMM. When 
the MG passes the EMM to the ME, it also passes the EMM ID. This enables 
identification of a particular EMM at both the MG and the ME. 

In systems such as simulcrypt which are adapted to handle multiple conditional access
systems e.g. associated with multiple operators, EMM streams associated with each
conditional access system are generated separately and multiplexed together by the
multiplexer 4 prior to transmission.

Encryption Levels of the System



Referring now to Figure 3, a simplified outline of the encryption levels in the
broadcast system will now be described. The stages of encryption associated with the
broadcast of the digital data are shown at 41, the transmission channel (e.g. a satellite
link as described above) at 42 and the stages of decryption at the receiver at 43.

The digital data N is scrambled by a control word CW before being transmitted to a
multiplexer Mp for subsequent transmission. As will be seen from the lower part of
Figure 3, the transmitted data includes an ECM comprising, inter alia, the control
word CW as encrypted by an encrypter Ch1 controlled by a first encryption key Kex.
At the receiver/decoder, the signal passes by a demultiplexer DMp and descrambler
D before being passed to a television 2022 for viewing. A decryption unit DCh1 also
possessing the key Kex decrypts the ECM in the demultiplexed signal to obtain the
control word CW subsequently used to descramble the signal.

For security reasons, the control word CW embedded in the encrypted ECM changes
on average every 10 seconds or so. In contrast, the first encryption key Kex used by
the receiver to decode the ECM is changed every month or so by means of an
operator EMM. The encryption key Kex is encrypted by a second unit ChP using a
personalised group key K1(GN). If the subscriber is one of those chosen to receive
an updated key Kex, a decryption unit DChP in the decoder will decrypt the message
using its group key K1(GN) to obtain that month's key Kex.

The decryption units DChP and DCh1 and the associated keys are held on a smart
card provided to the subscriber and inserted in a smart card reader in the decoder.
The keys may be generated, for example, according to any generally used symmetric
key algorithm or in accordance with a customised symmetric key algorithm.

As will be described, different keys may be associated with different operators or
broadcasters as well as with the conditional access system supplier. In the above
description, a group key K1(GN) is held by the smart card associated with the
decoder and used to decrypt EMM messages. In practice, different operators will
have different subscriber unique keys K1 (Op1, GN), K1 (Op2, GN) etc. Each group
key is generated by an operator and diversified by a value associated with the group
to which the subscriber belongs. Different memory zones in the smart card hold the
keys for different operators. Each operator may also have a unique key associated
solely with the smart card in question and an audience key for all subscribers to the
services provided by that operator (see above).

In addition, a set of keys may also be held by the manager of the conditional access
system. In particular, a given smart card may include a user specific key K0 (NS)
and an audience key K1 (C), common to all smart cards. Whilst the operator keys
are generally used to decode EMM messages associated with broadcast rights, the
conditional access manager keys may be used to decrypt EMM messages associated
with changes to the conditional access system in general, as will be described below.

The above description of the system shown in Figure 3 relates to the implementation
of access control in a broadcast system in which transmissions are descrambled by a
decoder and displayed immediately. Referring to Figure 4, the elements of an access
control system for recordal and replaying of scrambled transmission will now be
described.

As before, a decoder 12 receives scrambled broadcast transmissions via a receiver 11. 

The decoder includes a portable security module 30, which may conveniently take the
form of a smart card, but which may comprise any other suitable memory or
microprocessor device. The decoder 12 includes a modem channel 16, for example,
for communicating with servers handling conditional access information and is also
adapted to pass descrambled audiovisual display information, e.g. via a Peritel link
53, to a television 13. The system additionally includes a digital recorder 50, such
as a DVHS or DVD recorder, adapted to communicate with the decoder, for
example, via an IEEE 1394 bus 51. The recorder 50 receives a digital support (not
shown) on which information is recorded.

The recorder 50 is further adapted to function with a portable security module 52
containing, inter alia, the keys used to control access to the replaying of a recording.
The portable security module may comprise any portable memory and/or
microprocessor device as is conventionally known, such as a smart card, a PCMCIA
card, a microprocessor key etc. In the present case, the portable security module 52
has been designated as a SIM card, known from the field of portable telephones.

The digital recorder 50 includes a direct link 54 to the display 13. In alternative
realisations, digital audiovisual information may be passed from the recorder 50 to
the decoder 12 prior to display. Equally, whilst the elements of decoder 12, recorder
50 and display 13 have been indicated separately, it is conceivable that some or all
of these elements may be merged, for example, to provide a combined
decoder/television set or combined decoder/recorder etc.

Similarly, whilst the invention will be discussed in relation to the recording of
audiovisual broadcast information, it may also conveniently be applied, for example,
to broadcast audio information subsequently recorded on a DAT or minidisc recorder
or even a broadcast software application recorded on the hard disc of a computer.

A first and second embodiment of the invention will now be described with reference
to Figures 5 to 11 and 12 to 19, respectively. In the first embodiment a central
server is used to handle the generation and safeguard of the keys permitting access
to a recording. Furthermore, in this embodiment, the real time decryption and
descrambling of a broadcast is carried out by the SIM card of the recorder prior to
recordal. In the second embodiment, the decoder smart card manages the safeguard
of recording access keys and also plays a part in the real time decryption and
decoding of broadcast transmissions.


First Embodiment 

Referring to Figure 5, the structure of the memory zones in the smart card 30 and
SIM card 52 associated with the decoder and recorder, respectively, will now be
described.

As shown, the decoder smart card 30 includes a number of keys adapted to function
with a symmetric encryption/decryption algorithm associated with the conditional
access system. In the present example, a custom algorithm "CA" is used for
operations generally associated with access to the broadcast transmission. This is to
distinguish from the operations carried out by the SIM card 52 using the DES
algorithm and which are generally associated with the recordal and playback of
information on the digital support (see below).

The first set of keys, associated with the conditional access system manager indicated
in the zone 55, are implanted in the smart card at the moment of personalisation.
These keys include a key K0 diversified by a number NS unique to that card. The
system manager zone 55 may also include other keys, such as an audience key K1
(not shown) diversified by a constant C and common to all smart cards handled by
the conditional access system manager.

A second zone 56 contains the keys associated with one or more broadcast operators.
These keys may be implanted at the moment of personalisation of the card 30 by the
conditional access system manager but are more usually created by means of a special
transmitted EMM message at the start up of a decoder.

As mentioned above, the operator keys may typically include a K0' diversified by a
number NS unique to that card, a group key K1' diversified by a group number GN
and an audience key K2' diversified by a constant Z and common to all subscriber
cards addressed by that operator.

Finally, the smart card includes the value of the unique number NS of that card,
implanted at the moment of personalisation and held in the zone 57 of the smart card
memory.

As is shown, the SIM card 52 associated with the digital recorder includes two
sections 58, 59 associated with keys and operations carried out using the CA and DES
algorithms, respectively. The section 59 associated with operations using the CA
algorithm includes a first system manager zone 60 and an operator zone 61. The
keys in the system manager zone are implanted in the card at the moment of
personalisation by the conditional access system manager and include a key K0
diversified by the serial number NSIM of the SIM card as well as a communications
transport key T also diversified by the serial number NSIM of the card. Both keys
are unique to the SIM card in question.

The SIM card further includes an operator zone 61 adapted to store keys associated
with one or more operators. In the present Figure 5, the SIM card is shown as it is
at the moment of its creation and personalisation by the conditional access system
manager and before insertion in a recorder. For this reason, both the operator zone
61 and the DES zone 58 are shown as blank, i.e. without any stored keys.

Finally, the SIM card includes a zone 63 adapted to hold the unique SIM card serial 
number NSIM. 


As mentioned above, in this embodiment, the recorder SIM card 52 is adapted to
handle the real time decryption and descrambling of broadcast data autonomously and
independent of the smart card 30 associated with the decoder. In order to carry out
these operations, it is necessary for the recorder SIM card 52 to possess a double of
the keys usually held in the system manager and operator zones 55, 56 of the decoder
smart card (see Figure 5). As will be described, once the necessary keys are installed
in the recorder SIM card 52, the decoder 12 will thereafter pass the broadcast
transmission stream "as is" to the digital recorder 50 and card 52.

In this embodiment, the generation of duplicate broadcast related keys is managed by
the central conditional access system 21, the digital recorder 50 acting to transmit a
request to the appropriate server, e.g. via the modem link provided by the decoder
12. Alternatively, it may be envisaged that the recorder itself will be equipped with
a modem to carry out this request. In this embodiment, the central conditional access
system serves to regulate both transmission access control keys and, as will be
described, recording access control keys.

In order to enable the central conditional access system server to generate a double
of the keys associated with the decoder smart card it is necessary that the request
message from the recorder SIM card includes an identification of the identity of the
decoder smart card (e.g. the smart card serial number NS) as well as providing
secured confirmation of its own identity.

As a first step therefore, the decoder smart card 30 communicates its serial number
NS and a list of operators Op1, Op2 etc. to the SIM card 52. For reasons of
security, this communication may itself be encrypted by a simple transport encryption
algorithm applied to all communications between the decoder 12 and recorder 50.
To avoid unnecessary complexity in the Figures, the keys associated with this
encryption are not shown. The decoder card serial number NS is then stored in the
system manager zone of the SIM card.

The recorder SIM card 52 then sets up a communication with the conditional access
system 21 and requests the unique number NMERE of the conditional access system
21 at the conditional access server (see Figure 2). Using the information thus
obtained, the recorder SIM card 52 generates a message using the CA algorithm, as
shown in Fig. 6.

In the convention adopted in the accompanying drawings, the symmetric algorithm
to be used in a given cryptographic step (CA or DES) is identified within an oval.
The data to be encrypted and/or the data serving as a diversifier is identified as
arriving via a blacked out input to the oval. See the encryption of the smart card
number and operator list at 70 in Figure 6. Decryption steps are distinguished using
an inverse power sign, for example CA⁻¹ or DES⁻¹.

As a first step in Figure 6, the smart card number NS and operator list are encrypted
by the key K0 (NSIM) as shown at 70 to generate a message 71 comprising the SIM
card serial number NSIM and the encrypted data. At a second step 72, the encrypted
data is again re-encrypted by the key T (NSIM, NMERE), created by diversifying the
key T (NSIM) by a unique value NMERE associated with the conditional access
system. As will be understood, the steps 70, 71 may be carried out in the inverse
order. The message 73 and signature thus formed are then sent to the conditional
access server 21, ciphering unit 24 and mother card 25.

The conditional access system 21 decrypts the message as shown in Figure 7. The
system possesses the original key K0 shown at 76. Diversifying the key K0 with the
NSIM value contained in the message, as shown at 77, generates the key K0 (NSIM).
The key K0 (NSIM) is first used to validate the signature at 78. In the event that the
signature is not valid, the analysis of the message ends, as shown at 81.

In addition to the key K0, the system also possesses the transport key T or at least
the key T (NMERE) representing the value of this key T diversified by unique
conditional access system number NMERE. Diversifying T (NMERE) by the value
NSIM contained in the message enables the system to generate the key T (NSIM,
NMERE). For the sake of simplicity, the steps in the preparation of this key have
not been shown in Figure 7.

Equipped with keys K0 (NSIM) and T (NSIM, NMERE), the system manager can
then decrypt the message at 79 to obtain the decoder smart card serial number NS and
the list of operators associated with the subscriber in question. The system manager
then further verifies that the list of operators does indeed match the smart card serial
number and thereafter assembles in an EMM message the duplicate key values that
will be needed by the recorder SIM card to decrypt a transmission, including a
duplicate of the smart card system manager key K0 (NS) as well as the various
operator keys K0' (Op1, NS), K1' (Op1, GN) etc.

The access system also prepares a recording transport key RT (A) which will be
subsequently used by the SIM card in controlling access during the recording and
playback of a digital recording, as will be discussed in more detail below. In
accordance with the choice of algorithm preferred for dealing with the recording, this
key will be prepared from a DES key RT diversified by a random number A. The
key RT is always present in the mother card and a copy of the value A is maintained
for safeguard purposes in a database associated with the system operator. In this
way, the value RT (A) may be regenerated at any moment.

The smart card duplicate keys K0 (NS), K0' (Op1, NS), Kex etc. and the recording
transport key RT (A) are then formatted into an EMM message sent to the recorder
SIM card. For security reasons, this message is encrypted by the key K0 (NSIM) to
ensure that only the correct SIM card can obtain this information.

For any subsequent change or update, for example, in relation to the operator keys
or other access rights, the SIM card (as a copy of the smart card) will receive all
EMM/ECM messages needed to decrypt broadcast transmissions.

Referring to Figure 8, the state of the recorder SIM card 52 immediately prior to the
recordal of a broadcast transmission will now be described. As shown, the digital
recorder card 59 now includes complete system manager and operator zones 60, 61
as well as a stored value of the DES recording transport key RT (A) shown at 85. In
addition, the card generates a recording encryption key E (NE) shown at 86 and
obtained by diversifying at 87 a DES key E shown at 88 by a random value NE
shown at 89. In this case, the key E (NE) is used as a type of session key and may
be changed between recordings. The pair of keys E (NE) and RT (A) will
subsequently be used in all encryption and decryption of the digital recording.

Referring to Figure 9, the steps in the treatment by the recorder of an ECM message
associated with a broadcast transmission will now be described. After the arrival of
an ECM message at 90, the card verifies at 91 that it has the rights to read this
particular transmission, for example, that it is a transmission from one of the
operators in its list of operators. If so, the encrypted control word CW is extracted
from the ECM at the step 92. If not, the processing stops at step 93. Using that
month's exploitation key Kex for the operator in question shown at 94, the card
decodes at 95 the encrypted value to obtain the control word CW in clear, as shown
at 96.

The recorder card then re-encrypts at 97 the control word CW using the DES key E
(NE) shown at 98 and prepares an ECM including the newly encrypted control word
for insertion in the data stream to replace the previous ECM. The scrambled
transmission together with the sequence of new ECM messages are then recorded on
the support in the digital recorder.

Simultaneously and as shown at step 101 in Figure 10, the SIM recorder card
encrypts the value E (NE) shown at 100 using the recording transport key RT (A)
shown at 102, so as to generate a special EMM type message 103. This EMM
message is then recorded on the digital recording support at the start or header of the
recording. As will be understood from the foregoing description, other than the
safeguard copy held at the conditional access system database, the key RT (A) is
unique to the recorder card and this EMM message may not be decrypted by cards
other than the recorder card that generated the message.

Referring to Figure 11, the steps in the decryption and descrambling of a recording
will now be described. Firstly, the EMM message 111 at the head of the recording
is decrypted at 110 using the recording transport key 112 stored in the SIM card.
Assuming the EMM message was originally created using the same recording
transport key, the result of the decryption step 110 will be the recording encryption
key E (NE) at 116.

As the recording is played, ECMs 113 are picked out from the data stream and
decrypted at step 114 using the recording encryption key E (NE) to obtain at step 115
the control word CW used to scramble that part of the data stream associated with the
ECM. This control word CW is then fed together with the scrambled audiovisual
data to a descrambling unit, either in the recorder SIM card or in the recorder itself,
and a descrambled audiovisual output obtained for subsequent display via the
television display or the like.

As will be understood, the presence of a safeguard means for preparing a copy of the
transport key RT (A) at the mother card 25 of the central access control system
means that, in the event of loss or destruction of the recorder SIM card 25, it will be
possible to reconstruct a new recorder card to allow playback of previously made
recordings.
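The key hierarchy of Figures 8 to 11 and the safeguard copy described above, as an added sketch that is not part of the patent text. HMAC-SHA256 constructions stand in for the DES algorithm and for key diversification, and all class, function and sample names are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def diversify(key: bytes, diversifier: bytes) -> bytes:
    """K -> K(d). HMAC stand-in for the DES-based diversification in the text."""
    return hmac.new(key, diversifier, hashlib.sha256).digest()


def _stream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream for the stand-in cipher (counter mode over HMAC-SHA256)."""
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for 'encrypt X under key K'."""
    enc_key, mac_key = diversify(key, b"enc"), diversify(key, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Inverse of wrap(); raises ValueError on a wrong key or altered message."""
    enc_key, mac_key = diversify(key, b"enc"), diversify(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or altered message")
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))


class RecorderCard:
    """Recorder SIM card state used in Figures 8 to 11 (illustrative model)."""

    def __init__(self, rt_a: bytes, e_master: bytes, kex: bytes):
        self.rt_a = rt_a          # recording transport key RT(A), unique to the card
        self.e_master = e_master  # key E, diversified per recording by NE
        self.kex = kex            # duplicate of the operator's exploitation key Kex
        self.e_ne = None

    def start_recording(self) -> bytes:
        """Pick a fresh E(NE); return the header EMM, i.e. E(NE) under RT(A)."""
        self.e_ne = diversify(self.e_master, os.urandom(8))
        return wrap(self.rt_a, self.e_ne)

    def convert_ecm(self, broadcast_ecm: bytes) -> bytes:
        """Decrypt CW with Kex and re-encrypt it under E(NE) for the recording."""
        return wrap(self.e_ne, unwrap(self.kex, broadcast_ecm))

    def play(self, header_emm: bytes, recorded_ecms: list) -> list:
        """Recover E(NE) from the header EMM, then each control word."""
        e_ne = unwrap(self.rt_a, header_emm)
        return [unwrap(e_ne, ecm) for ecm in recorded_ecms]


def demo() -> dict:
    # All values below are constructed sample data.
    rt = os.urandom(32)                         # RT, held in the mother card
    safeguard_db = {"SIM-0001": os.urandom(8)}  # value A kept by the system operator
    kex = os.urandom(32)
    control_words = [os.urandom(8) for _ in range(3)]

    card = RecorderCard(diversify(rt, safeguard_db["SIM-0001"]), os.urandom(32), kex)
    header = card.start_recording()
    recorded = [card.convert_ecm(wrap(kex, cw)) for cw in control_words]

    # Another card holds a different RT(A') and cannot open the header EMM.
    other = RecorderCard(diversify(rt, os.urandom(8)), os.urandom(32), kex)
    try:
        other.play(header, recorded)
        other_card_rejected = False
    except ValueError:
        other_card_rejected = True

    # Replacement card: RT(A) is regenerated from RT and the stored value A.
    # Playback needs only RT(A); the old key E and Kex are not required.
    replacement = RecorderCard(diversify(rt, safeguard_db["SIM-0001"]), os.urandom(32), b"")
    return {
        "original_plays": card.play(header, recorded) == control_words,
        "other_card_rejected": other_card_rejected,
        "replacement_plays": replacement.play(header, recorded) == control_words,
    }


if __name__ == "__main__":
    print(demo())
```

Because E(NE) travels in the recording header, a replacement card only has to recover RT(A); losing the safeguard copy of A is what makes existing recordings unreadable.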

The above embodiment is particularised by the fact that the recording transport key
RT (A) is generated and safeguarded at a central server and also by the fact that the
recorder SIM card contains a duplicate of the necessary operator keys to
independently decrypt and descramble a real time transmission. The second
embodiment, described below in Figures 12 to 19 does not suffer from these
constraints, but describes a realisation in which the decoder smart card plays a more
important role.

Second Embodiment 

Referring to Figure 12, the structure of the conditional access zones in the decoder
smart card 30 and recorder SIM card 52 in such a system are shown. As before,
both cards include zones reserved for operations using the CA algorithm and storage
of key data, in particular system manager zones 55, 60 and operator zones 56, 61.

In the present embodiment, the system manager zone 55 of the decoder card 30
includes, in addition to the key K0 (NS), an audience key K1 (C) common to all
cards personalised and managed by the system manager and formed by the
diversification of a CA key by a constant value C. This key K1 (C) is also present
in the system management zone 60 of the recorder card 52.


The other significant change in comparison with the zone structure of the previous 
embodiment is that the smart card 30 is additionally provided with the DES algorithm 
and includes a DES operating zone 120. 

In order to enable the decoder smart card and recorder SIM card to work together
and, in particular, to enable the eventual generation of a recording transport key TR,
it is necessary for a mutual authentication of both cards to be carried out.

As shown in Figure 13, as a first step 121 the recorder SIM card 52 requests a
random number from the decoder smart card 30 which returns the number A1 at 122.
This number is then used to diversify the audience key K1 (C) at step 123 to generate
the key K1 (C, A1) shown at step 124. The SIM card then generates a second
random number A2 shown at 125, which is in turn encrypted by the key K1 (C, A1)
at 126. Before communication to the smart card, this message is again encrypted and
signed at 128 by a second key K1 (C, NSIM) shown at 127 and formed by
diversifying the audience key K1 (C) by the value NSIM. The message 129 thus
formed is sent as a request for serial number NS and associated individual key
K0(NS) to the decoder smart card 30.

Referring to Figure 14, on arrival at the decoder smart card 30, the communicated
value NSIM is used by the smart card to generate the key K1 (C, NSIM). The value
of A2 is then decrypted at 130 using this key and the key K1 (C, A1) obtained by the
smart card using the random number A1 that it had previously generated and stored
in its memory.

This random number value A2 obtained at 131 is then used to diversify the audience
key K1 (C) to obtain the key K1 (C, A2) shown at 132. The key K1 (C, A2) then
encrypts the smart card unique serial number NS and system key K0 (NS) at 133 to
create the message 134.

As before, this message is then re-encrypted at 135 using the key K1 (C, NSIM)
shown at 136 and the message returned to the recorder SIM card 52 as shown at 137.

The recorder SIM card generates the keys K1 (C, A2) and K1 (C, NSIM) shown at
138 by diversifying the key K1 (C) by the NSIM serial number and the previously
generated and memorised random number A2. These keys are used to decrypt at 139
the messages so as to obtain the unique serial number NS and unique system manager
key K0 (NS) of the smart card, this information thereafter being recorded in the
memory of the recorder SIM card at 140.
Unlike the previous embodiment, in which doubles of all system manager and
operator keys were taken to ensure independent operation of the recorder SIM card,
the double key K0 (NS) and the smart card serial number NS are used to set up a
session key for recording and to enable secure communication between the cards
during a recording session, notably to enable secure communication of a recording
transport key.

In this embodiment, the initial decryption of the CW is handled by the smart card
using the operator keys and monthly exploitation keys that it possesses. Whilst it is
conceivable that the control word CW could be passed directly to the SIM card during
the creation of a recording, it is desirable for security reasons to use a session key to
transport the control word CW for this purpose.

Figure 15 shows one way of creating such a key. As shown, the recorder SIM card
picks a random key K3 shown at 141 and diversifies this key at 142 with the SIM
card serial number NSIM shown at 143. The key K3 may be taken from any one of
a number of such keys stored for this purpose in the system manager zone. The CA
session key K3 (NSIM) thus created at 144 is then encrypted at 145 using the
previously obtained smart card system manager key K0 (NS) shown at 146. The
message 147 thus generated is thereafter transmitted to the decoder smart card 55
which uses its key K0 (NS) to decrypt the message at 148 and store the session key
K3 (NSIM) in the memory of the card at step 149.

Referring to Figure 16, the state of the recorder SIM card prior to a recording
operation will now be described. The system manager zone 60 includes the smart
card key K0 (NS) and the session key K3 (NSIM) as well as the normally present
system keys K0 (NSIM) etc. (not shown). In addition, the card creates a DES
recording encryption key from a DES key E shown at 150 by diversifying this key
at 151 by a random value NE shown at 152. As before, the resulting recording
encryption key E (NE) will be used in the re-encryption of the control words
associated with a program. Similarly, a recording transport key RT (A) shown at 153
is generated to be used to encrypt the recording encryption key E (NE) also recorded
on the digital support medium.

Unlike the previous embodiment, in which the recording transport key was generated
at the access control server, the key RT (A) is generated by the recorder SIM card
itself using a DES key diversified by a random number A. In order to safeguard a
copy of this key a copy is communicated to the decoder smart card. For obvious
security reasons, this copy is communicated in encrypted form, for example, as
encrypted by the smart card key K0 (NS) currently stored in the SIM card memory.

Referring to Figure 20, upon first insertion in the decoder the recorder SIM card 52
first sends a request 190 to the smart card to see if a value of RT(A) has already been
generated. An evaluation is carried out by the decoder smart card at 191.

If the answer is negative, the recorder SIM card 52 generates a random DES key RT
at 192, which value is diversified at 193 by a random value A shown at 194 to
generate the key RT(A) shown at 195. This key value RT(A) is then encrypted at
196 using the custom algorithm and the key K0(NS) shown at 197 and the resulting
message 198 then sent to the decoder smart card 30 for decryption and safeguard of
the key RT(A).


If the determination at 191 is positive, then the previously stored value of RT(A) is 
sent back at 199 to the recorder SIM card 52. 

Referring to Figure 17, the operations of the decoder smart card 30 during recording
of a scrambled transmission will now be described. As mentioned above, in this
embodiment, the decoder smart card handles the initial decryption steps using the
operator keys before communicating the value of the control word CW to the recorder
SIM card 52.

As shown, the decoder smart card 30 receives an ECM 160 for processing in the
operator zone 56. Firstly, the smart card 30 checks that it has the rights to access
this program. Assuming that this is the case, the encrypted code word CW is
extracted from the ECM at 162 and decrypted at 163 using the appropriate
exploitation key Kex shown at 164. Otherwise, the process ends as shown at 165.

As mentioned above, the clear value of the control word CW shown at 166 cannot
be directly communicated to the recorder SIM card. Accordingly, the control word
CW is encrypted at 167 using the session key K3 (NSIM) shown at 168 and the
resulting value 169 communicated to the recorder card SIM for the next steps in the
process.

Referring to Figure 18, the control word encrypted by the session key is received by
the recorder SIM card 52 which carries out a decryption process at 170 using the
equivalent of the session key K3 (NSIM) previously stored in memory shown at 171.
The clear value of the control word CW at 172 is then passed to the DES zone of the
card for encryption at 173 using the recording encryption key E (NE) shown at 174.
The resulting encrypted value is then encapsulated in an ECM and inserted in the data
stream for recordal with the still scrambled data on the recording support.

At the same time and in a similar manner to the first embodiment, the recording
encryption key value shown at 180 in Figure 19 is encrypted at 181 using the
recording transport key RT(A) shown at 182. The resulting encrypted value 183 is
encapsulated in an EMM for recordal in the header of the digital recording.

During replay of the recording, and as described before in relation to Figure 11, the
EMM at the start of a recording containing the recording encryption key E (NE) is
decrypted by the recorder SIM card using the recording transport key RT (A). The
recording encryption key E (NE) is then used to decrypt each ECM so as to obtain
the control word CW associated with that particular section of the scrambled
recording. The recording is then descrambled and played.

As will be understood, the presence of a safeguard copy of the recording transport
key RT (A) stored in the decoder smart card means that, in the event of loss or
breakdown of the recorder SIM card, a replacement recorder card may be generated.
Unlike the previous embodiment, however, it is not necessary to use a centralised
server to maintain this duplicate copy.

As will be understood, alternative embodiments may be envisaged. For example, in
the above embodiments the encryption recording key E (NE) is generated using a key
and a random number. However, in alternative embodiments the key E (NE) may
be generated from a key diversified by the serial number of the recording device itself
(i.e. not the recorder SIM card) to link a given recording to both the recorder SIM
card and the recording device.

Similarly, certain elements of the first embodiment such as a centralised transport key 
store and an autonomously operating recorder are independent from each other and 
may be used in the second embodiment, and vice versa. 



CLAIMS



1. A method of recording transmitted digital data in which transmitted digital
information is encrypted by a recording encryption key (E(NE)) and stored by a
recording means (50) on a recording support medium and characterised in that an
equivalent of the recording encryption key (E(NE)) is encrypted by a recording
transport key (RT(A)) and stored on the support medium together with the encrypted
information.

2. A method as claimed in claim 1 in which the information encrypted by the
recording encryption key (E(NE)) comprises control word information (CW) usable
to descramble a scrambled data transmission also recorded on the support medium.

3. A method as claimed in claim 1 or 2 in which the recording encryption key 
(E(NE)) and/or recording transport key (RT(A)) are stored on a portable security 
module (52) associated with the recording means (50). 

4. A method as claimed in any preceding claim in which the transmitted information 
is encrypted prior to transmission and received by a decoder means (12) before being 
communicated to the recording means (50). 

5. A method as claimed in claim 4 in which the decoder (50) is associated with a 
portable security module (30) used to store transmission access control keys (K0(NS), 
K0'(Opl,NS) etc.) used to decrypt the transmitted encrypted information. 

6. A method as claimed in claim 5 in which the recording encryption key (E(NE)) 
and/or recording transport key (RT(A)) function in accordance with a first encryption 
algorithm (DES) and the transmission access control keys (K0(NS), K0'(Opl,NS) 
etc.) function in accordance with a second encryption algorithm (CA). 

7. A method as claimed in any preceding claim in which the recording transport key 
(RT(A)) is generated at a central recording authorisation unit (21,24,25) and a copy 
of this key communicated to the recording means (50). 

8. A method as claimed in claim 7 in which the recording transport key (RT(A)) is 
preferably encrypted by a further encryption key (K0(NSIM)) prior to being 
communicated to the recording means (50). 

9. A method as claimed in any preceding claim in which a central access control 
system (21,24,25) communicates transmission access control keys (K0(NS), 
K0'(Opl,NS) etc.) to the recording means (50). 

10. A method as claimed in claim 9 in which the transmission access control keys 
(K0(NS), K0'(Opl,NS) etc.) are communicated to a portable security module (52) 
associated with the recording means (50). 

11. A method as claimed in claim 9 or 10 in which the recording means (50) directly 
descrambles transmitted information using the transmission access keys (K0(NS), 
K0'(Opl,NS) etc.) prior to re-encryption of the information by the recording 
encryption key (E(NE)) and storage on the support medium. 

12. A method as claimed in any of claims 9, 10 or 11 in which the central access 
control system (21, 24, 25) preferably encrypts the broadcast access control keys 
(K0(NS), K0'(Opl,NS) etc.) by a further encryption key (K0(NSIM)) prior to their 
communication to the recording means (50). 

13. A method as claimed in any of claims 9 to 12 in which the recording means (50) 
sends a request to the central access control system including information identifying 
the broadcast access keys needed (K0(NS), K0'(Opl,NS) etc.), the request being 
authentified by the recording means (50) using a key (K0(NSIM)) unique to that 
recording means. 



14. A method as claimed in claim 1 using a decoder means (12) and associated 
security module (30) and a recording means (50) and associated security module (52) 
and in which a copy of the recording transport key (RT(A)) is stored in the security 
module (30) associated with the decoder means (12) and/or the security module (52) 
associated with the recording means. 



15. A method as claimed in claim 14 in which the recording transport key (RT(A)) 
is generated by either the recording security module (52) or decoder security module 
(30) and communicated to the other security module. 

16. A method as claimed in claim 15 in which the recording transport key (RT(A)) 
is preferably encrypted before communication to the other security module and 
decrypted by a key unique (K0(NS)) to that other security module. 

17. A method as claimed in claim 16 in which the decoder security module (30) and 
recording security module (52) carry out a mutual authorisation process, the unique 
decryption key (K0(NS)) being passed to the other security module from the 
encrypting security module depending on the results of the mutual authorisation. 

18. A method as claimed in claim 17 in which the mutual authorisation step is 
carried out using, inter alia, an audience key K1(C) known to both security modules 
(30,52). 

19. A method as claimed in any of claims 14 to 18 in which the decoder security 
module (30) possesses transmission access control keys (K0(NS), K0'(Opl,NS) etc.) 
to decrypt the transmitted information in an encrypted form and a session key 
(K3(NSIM)) to re-encrypt the information prior to communication to the recording 
security module (52), the recording security module (52) possessing an equivalent of 
the session key (K3(NSIM)) to decrypt the information prior to encryption by the 
recording transport key (RT(A)). 

20. A method as claimed in claim 19 in which the session key (K3(NSIM)) is 
generated by the decoder security module or recording means security module (52) 
and communicated to the other module in encrypted form using an encryption key 
(K0(NS)) uniquely decryptable by the other security module. 

21. A recording means (50) adapted for use in a method as claimed in any preceding 
claim comprising a security module (52) for encrypting transmitted digital information 
by a recording encryption key (E(NE)) for storage on a recording support medium 
and characterised in that the security module (52) is further adapted to encrypt the 
recording encryption key (E(NE)) by a recording transport key (RT(A)) for storage 
on the support medium. 

22. A portable security module (52) adapted for use in the recording means of claim 
21 and characterised in comprising a recording encryption key (E(NE)) for encryption 
of transmitted digital information for subsequent recordal and a recording transport 
key (RT(A)) for encryption of the recording encryption key for subsequent recordal. 

23. A decoder means (20) adapted for use in a method as claimed in any of claims 
14 to 20 including a security module (30) adapted to store a copy of the recording 
transport key (RT(A)). 

24. A decoder means (20) as claimed in claim 23 including a security module (30) 
adapted to descramble transmitted information using one or more transmission access 
keys (K0(NS), K0'(Op,NS) etc.) prior to reencryption by a session key (K3(NSIM)) 
for subsequent communication to a recording means. 

25. A portable security module (30) adapted for use in the decoder means (20) of 
claim 23 or 24 and comprising at least a copy of the recording transport key (RT(A)). 

26. A method of recording transmitted digital data substantially as herein 
described. 

27. A recording means substantially as herein described. 

28. A portable security module substantially as herein described. 

29. A decoder means substantially as herein described. 


I. Basis of the report 

1. This report has been drawn on the basis of (substitute sheets which have been furnished to the receiving Office in 
response to an invitation under Article 14 are referred to in this report as "originally filed" and are not annexed to 
the report since they do not contain amendments.): 

Description, pages: 

1-31 as originally filed 

Claims, No.: 

1-29 as originally filed 

Drawings, sheets: 

1/15-15/15 as originally filed 

V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting such statement 

1. Statement 

Novelty (N)                     Yes: Claims 
                                No:  Claims 1, 2, 21-29 

Inventive step (IS)             Yes: Claims 
                                No:  Claims 3-20 

Industrial applicability (IA)   Yes: Claims 1-29 
                                No:  Claims 

2. Citations and explanations 
see separate sheet 

VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 

VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 

see separate sheet 

The following documents are referred to in this communication; the numbering will be 
adhered to in the rest of the procedure: 

D1: FR-A-2,732,537 
D2: EP-A-0 763 936 

Section V: 

1. Claims 1,21: 

Document D1 is regarded as being the closest prior art to the subject-matter of claim 1, 
and insofar as this claim can be understood (see Section VIII below), this document 
shows (the references in parentheses applying to this document) a method of recording 
transmitted digital data in which transmitted digital information is encrypted and stored 
(see page 7 line 16-18) on a recording support medium and characterised in that an 
equivalent of the recording encryption key is encrypted and stored on the support 
medium together with the encrypted information (see ECM in fig. 2 and page 5, lines 7 
to 11). 

Since all features of claim 1 are considered to be known from the prior art, the 
requirements with respect to novelty are not met (Art. 33(2) PCT). 

The features of the recording means of claim 21 correspond to the method steps of 
claim 1 in such a way that the objection with respect to novelty likewise applies against 
present claim 21 (Art. 33(2) PCT). 

2. Claims 2 to 20: 

The additional features of claims 2 to 20 are either known (see e.g. claim 2: control word 
information usable to descramble a scrambled data transmission; see deciphering key 
DCh1 in fig. 1 of document D1) from the prior art documents cited in the International 
Search Report or generally known in the technical field of cyphering and the inclusion 
of such features is regarded as part of the customary praxis the skilled person would 
consider in accordance with circumstances. 

Hence, the subject-matter of claims 2 to 20 is not considered to be novel or does not 
involve an inventive step as required by Articles 33(2) and (3) PCT. 

3. Claims 22 to 29: 

In as far as these claims can be understood (see Section VIII below) the following 
remarks are to be made: 

A portable security module of the type claimed in claim 22 comprising a recording 
encryption key and a recording transport key is considered to be known in the prior 
art (see document D2, smart card 221 in fig. 17 and col. 18, line 43 to col. 19 line 8). 

Hence, claim 22 cannot be allowed because of lack of novelty of the subject-matter 
claimed (Art.33(2) PCT). 

The objection raised with respect to claim 22 similarly applies mutatis mutandis to 
claims 23 to 29. 

4. The claims have industrial applicability as required in accordance with Art. 33(4) 
PCT since the subject-matter claimed can be made or used in industry. 



Section VII: 

The claims are not in the two-part form with all the features of the closest prior art 
document (at present document D1) being comprised in the generic part of the claim 
(Rule 6.3(b)(i) PCT) and with the remaining features being included in a characterising 
part (Rule 6.3(b)(ii) PCT). 

Section VIII: 

1. For the following reasons claims 1, 21 to 29 do not meet the conciseness 
requirements of Article 6 PCT: 

Although these claims have been drafted as separate independent claims, they 
appear to relate effectively to the same subject-matter or at least having 
overlapping scope and differ from each other only with regard to the definition of 
the subject-matter for which protection is sought. The aforementioned claims 
therefore lack conciseness. Moreover, lack of clarity of the claims as a whole 
arises, since the plurality of independent claims makes it difficult, if not impossible, 
to determine the matter for which protection is sought, and places an undue 
burden on others seeking to establish the extent of the protection. 

In this case it appears that one independent method claim and one independent 
apparatus claim would be sufficient. 

2. Clarity (Art. 6 PCT): 

2.1 Claims 1 and 21: 

It is not clear in which way the recording encryption key and the transport key 
differ from each other, since both keys are stored on the support medium together 
with the encrypted information. In this context it is unclear, what is to be 
understood by "equivalent of the recording encryption key". 

It is further unclear, whether the keys are transmitted together with the encrypted 
information or not. 

Therefore, the requirements with respect to clarity are not met for claims 1 and 21 
(Art. 6 PCT). 

2.2 Claims 22 to 29: 

The subject-matter of claims 22 to 29 is considered to be undefined, since these 
claims do not comprise all essential features for carrying out the alleged invention 
(Art. 6 PCT). 